Show HN: Buildcage – Restrict outbound network access during Docker builds

1 point, posted 9 hours ago
by dash14

2 Comments

vict00r99

9 hours ago

Hey! Really interesting approach.

I’m going to try it in one of my CI pipelines

Quick question: how granular is the allowlist matching? Is it exact domain only, or do you support wildcards and subdomain patterns?

dash14

an hour ago

Thanks for the interest and great question!

The allowlist uses nginx's map directive with the `hostnames` parameter, so it supports several matching patterns:

- Exact domains: `registry.npmjs.org`
- Prefix wildcards: `*.cloudfront.net` (matches any subdomain)
- Suffix wildcards: `github.*` (matches github.com, github.io, etc.)
- Combined wildcards: `.example.com` (shorthand for both `example.com` and `*.example.com`)
- Regex patterns: `~^.*\.amazonaws\.com$` for full PCRE support

Full nginx map documentation: https://nginx.org/en/docs/http/ngx_http_map_module.html

I'll add this to the documentation. Thanks!
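As an added illustration of the matching forms listed above, here is an allowlist proxy written with nginx's `map` and `hostnames` (example config for this note, not Buildcage's own; the listen port, resolver address, log path and variable names are assumptions):

```nginx
# Added example, not Buildcage's configuration. Port, resolver, log path
# and variable names ($allowed, $blocked) are assumptions.
map $host $allowed {
    hostnames;                        # keys are hostnames; enables the mask forms
    default                        0; # anything not listed is blocked

    registry.npmjs.org             1; # exact domain
    *.cloudfront.net               1; # prefix mask: any subdomain, not the apex
    github.*                       1; # suffix mask: github.com, github.io, ...
    .example.com                   1; # combined: example.com and *.example.com
    ~^.*\.amazonaws\.com$          1; # regex (PCRE): any host under amazonaws.com
}

# Inverse of $allowed, used only to select which requests go to the block log.
map $allowed $blocked {
    0 1;
    1 0;
}

server {
    listen 3128;                      # assumed proxy port reachable from the build
    resolver 127.0.0.11;              # assumed: Docker's embedded DNS, needed for variable proxy_pass

    # Record every denied request separately so build-time egress attempts are reviewable.
    access_log /var/log/nginx/blocked.log combined if=$blocked;

    # Deny anything not on the allowlist before it is proxied anywhere.
    if ($allowed = 0) {
        return 403;
    }

    location / {
        # Forward plain-HTTP requests to the allowed upstream host.
        proxy_pass http://$host$request_uri;
        proxy_set_header Host $host;
    }
}
```

With this in place, a request for `deps.registry.npmjs.org` is denied (exact match only), while `cdn.cloudfront.net` and `s3.eu-west-1.amazonaws.com` pass through.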